AI-Powered Scam Detection & Awareness Platform
ElderShield protects elderly users from scams — phishing, impersonation, tech support fraud, romance scams, and more. Seniors submit suspicious messages or screenshots, a local AI model analyzes the content, and caregivers are automatically alerted to high-risk reports.
- Demo
- Project Overview
- Goals
- Local Setup
- AI Component
- Database Schema
- Subscription & Billing
- Cybersecurity & Privacy
- Technology Stack
- Documentation
- Author
- License
ElderShield uses a three-role system with a role-aware interface for each user type.
A simplified, accessibility-first interface designed for seniors.
- Submit suspicious messages, calls, or emails for AI analysis (text + optional screenshot)
- Receive a scam likelihood score (0–100%) with a plain-language explanation
- View detected scam type and manipulation tactics
- Get clear "What to do next" guidance written for a non-technical audience
- Review, edit, and delete previously submitted reports
A monitoring interface for family members and professional caregivers.
- Monitor incidents submitted by linked elders
- Receive automatic notifications for medium (≥40%) and high-risk (≥70%) reports
- View 7-day incident analytics: daily volume chart + top scam categories this week
- Manage caregiver–elder relationships (link requests, approvals, revocations)
- Free plan: up to 2 linked elders — Premium plan: unlimited
A full management console for platform administration.
- Manage all users, roles, and account status
- Broadcast notifications to all users or send targeted messages to one user
- Manually edit or re-run AI analysis on any incident
- Manage caregiver subscription plans (upgrade, downgrade, pause)
- View 30-day incident analytics: volume chart, risk distribution donut, scam category breakdown, month-over-month comparison
- Reduce scam victimization among elderly populations
- Provide easy-to-understand scam explanations written for seniors
- Enable caregivers to intervene before financial or emotional harm occurs
- Maintain strong privacy and cybersecurity practices through secure system design
- Run fully offline — no cloud AI dependency, no user data sent to third parties
- PHP 8.1+
- MySQL 5.7.8+ or MariaDB 10.2.7+ (required for JSON column type)
- Apache via MAMP (Mac) or WAMP (Windows)
- PHP extensions: pdo_mysql and curl
- Ollama — optional, required only for AI scam analysis
MAMP (Mac): Copy the project into /Applications/MAMP/htdocs/eldershield/
WAMP (Windows): Copy the project into C:\wamp64\www\eldershield\
Open src/config/config.php and uncomment the line that matches your setup:
// define('APP_URL', 'http://localhost/eldershield/src'); // WAMP or MAMP Pro
// define('APP_URL', 'http://localhost:8888/eldershield/src'); // MAMP Standard
Open src/config/db.php and set DB_PORT to match your environment:
- WAMP or MAMP Pro → 3306
- MAMP Standard → 8889
In phpMyAdmin, create a database named eldershield, then import src/database/eldershield.sql. This creates all tables and three starter accounts ready for login.
Left-click the WAMP tray icon → PHP → PHP Extensions → enable php_pdo_mysql and php_curl. WAMP will restart Apache automatically.
WAMP users — security headers: The app's security headers (CSP, X-Frame-Options, etc.) require mod_headers to be active. Left-click the WAMP tray icon → Apache → Apache Modules → enable headers_module. Without this the app still runs normally, but the security headers will not be applied.
Visit the seed URL in your browser (adjust port if needed):
http://localhost/eldershield/src/database/seed.php
This populates 19 users, 30+ realistic scam incidents, caregiver links, and full analytics data. Delete seed.php after running it.
Download from ollama.ai, then run:
ollama pull qwen3-vl:8b
The app runs without Ollama — submitted incidents will show an analysis error message until it is running.
| Role | Email | Password |
|---|---|---|
| Admin | admin@eldershield.com | password123 |
| Elder | dorothy@example.com | password123 |
| Caregiver | sarah@example.com | password123 |
ElderShield uses Ollama running locally to analyze scam reports — no external API keys or internet connection required. The default model is qwen3-vl:8b, a vision-capable model that can analyze both text descriptions and uploaded screenshots.
Analysis runs asynchronously in a background CLI process so the elder's page loads immediately while the AI works. Results are saved to the database and the page auto-refreshes when ready.
The AI detects patterns including:
- Urgency and time pressure
- Fear-based language
- Authority impersonation
- Gift card, wire transfer, and prepaid card requests
- Social engineering tactics common in grandparent, romance, and tech support scams
Each incident generates structured output with five fields:
| Field | Description |
|---|---|
| scam_probability | Integer 0–100 |
| scam_category | phishing, impersonation, romance_scam, tech_support, lottery_prize, grandparent_scam, investment_fraud, other, or not_a_scam |
| manipulation_tactics | Array of detected tactic labels (e.g. urgency, fear_based_language) |
| explanation_simple | 2–3 plain sentences written for a senior audience |
| recommended_action | 2–3 concrete steps the user should take |
Admins can manually override any field or trigger a fresh AI re-run from the incident detail page.
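An added example, not taken from the ElderShield code base: the text being analyzed is written by the sender of the suspicious message, so the model's reply is best treated as untrusted input and checked against the five-field structure before it is stored or used to alert a caregiver. The function names, the tactic-label pattern, the 1000-byte text cap and the "low" label are assumptions.

```php
<?php
declare(strict_types=1);
// Category values and field names copied from the field table above.
const CATEGORIES = ['phishing', 'impersonation', 'romance_scam', 'tech_support',
    'lottery_prize', 'grandparent_scam', 'investment_fraud', 'other', 'not_a_scam'];
const FIELDS = ['scam_probability', 'scam_category', 'manipulation_tactics',
    'explanation_simple', 'recommended_action'];

function need(bool $ok, string $msg): void
{
    if (!$ok) {
        throw new InvalidArgumentException($msg);
    }
}

/** Validate raw model text; return exactly the five fields or throw. */
function validate_analysis(string $raw): array
{
    $d = json_decode($raw, true, 8);          // null on malformed JSON
    need(is_array($d), 'output is not a JSON object');
    $p = $d['scam_probability'] ?? null;
    need(is_int($p) && $p >= 0 && $p <= 100, 'scam_probability must be an integer 0-100');
    need(in_array($d['scam_category'] ?? null, CATEGORIES, true), 'scam_category not allowed');
    $tactics = $d['manipulation_tactics'] ?? null;
    need(is_array($tactics) && array_is_list($tactics), 'manipulation_tactics must be an array');
    foreach ($tactics as $t) {
        // Assumed label shape (lowercase snake_case), based on the page's two examples.
        need(is_string($t) && preg_match('/^[a-z_]{1,40}$/', $t) === 1, 'bad tactic label');
    }
    foreach (['explanation_simple', 'recommended_action'] as $k) {
        $v = $d[$k] ?? null;
        // The 1000-byte cap is an assumption, not a project limit.
        need(is_string($v) && trim($v) !== '' && strlen($v) <= 1000, "$k must be short text");
    }
    return array_intersect_key($d, array_flip(FIELDS));   // drop any extra keys
}

/** Alert thresholds stated on this page: >=70 high, >=40 medium ("low" is an assumed label). */
function risk_level(int $p): string
{
    return $p >= 70 ? 'high' : ($p >= 40 ? 'medium' : 'low');
}

// Constructed sample output, not captured from a real model run.
$sample = '{"scam_probability":85,"scam_category":"tech_support",'
    . '"manipulation_tactics":["urgency","fear_based_language"],'
    . '"explanation_simple":"This looks like a fake tech support message.",'
    . '"recommended_action":"Do not call the number. Tell your caregiver."}';
echo risk_level(validate_analysis($sample)['scam_probability']), PHP_EOL;
```

A reply that fails validation can be recorded as an analysis error rather than shown to the elder, which matches the error state the app already displays when Ollama is unavailable.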
Built on MySQL with 5 tables in a fully relational design.
| Table | Purpose |
|---|---|
| users | All accounts — elders, caregivers, admins. Stores role, plan (free/premium), plan expiry, and active status |
| incidents | Scam reports submitted by elders. Links to user, stores content, optional image path, and status |
| analysis | One-to-one with incidents. Stores AI output: probability, category, tactics, explanation, recommended action |
| account_links | Caregiver–elder relationships. Status: pending, active, or revoked |
| notifications | In-app notifications. Supports auto-alerts, admin broadcasts, and targeted single-user messages |
| Plan | Price | Elder Link Limit |
|---|---|---|
| Caregiver Free | $0 | 2 |
| Caregiver Premium | $9.99/month | Unlimited |
| Elder | Always free | N/A |
- Invoices generated monthly via cli/run_billing.php (designed for a cron job)
- Payment processing simulated at 95% success rate for demo purposes
- Failed payments generate a caregiver notification and can be retried from the billing page
- Admins can upgrade, downgrade, or pause any caregiver's plan from admin_subscriptions.php
- PDO prepared statements — all database queries parameterized; no SQL injection possible
- bcrypt password hashing — cost factor 12; minimum 7 characters enforced at form and server level
- CSRF tokens on every state-changing form
- Session ID regeneration on login (prevents session fixation attacks)
- Image validation — uploads checked by MIME type, getimagesize(), and extension whitelist (JPG, PNG, GIF, WEBP)
- PHP execution blocked in the uploads/ directory via .htaccess
- Output escaping — all user-generated content escaped with htmlspecialchars() via the e() helper
- Security headers on every response: Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy
- Local AI only — Ollama runs fully offline; no user data transmitted to any external service
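One way to combine the three image checks listed above so that they must agree with each other, as an added example that is not the project's own upload code. The function name, the use of the fileinfo extension for MIME sniffing and the temporary file names are assumptions.

```php
<?php
declare(strict_types=1);

// Extension allowlist from the list above, each mapped to the MIME type it must have.
const ALLOWED = ['jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg', 'png' => 'image/png',
    'gif' => 'image/gif', 'webp' => 'image/webp'];

/** Apply the three checks to a file on disk; true only if all of them agree. */
function is_acceptable_image(string $path, string $clientName): bool
{
    $ext = strtolower(pathinfo($clientName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED)) {
        return false;                         // extension not in the allowlist
    }
    // Sniff the bytes; the browser-supplied $_FILES[...]['type'] is not trusted.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($path);
    if ($mime !== ALLOWED[$ext]) {
        return false;                         // content disagrees with the extension
    }
    $info = @getimagesize($path);             // false when the image header does not parse
    return $info !== false && image_type_to_mime_type($info[2]) === $mime;
}

// Constructed test files: a 1x1 GIF, and plain text given an image name.
$dir = sys_get_temp_dir();
$gif = $dir . '/es_sample.gif';
$txt = $dir . '/es_notimage.gif';
file_put_contents($gif, base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7'));
file_put_contents($txt, "plain text, not an image\n");

var_dump(is_acceptable_image($gif, 'photo.gif'));   // real GIF, allowed extension
var_dump(is_acceptable_image($txt, 'photo.gif'));   // text content behind a .gif name
var_dump(is_acceptable_image($gif, 'photo.svg'));   // extension outside the allowlist
unlink($gif);
unlink($txt);
```

Passing these checks shows only that the file parses as an allowed image type, which is why the .htaccess rule blocking PHP execution in uploads/ remains a separate control.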
| Layer | Technology |
|---|---|
| Backend | PHP 8.1+ |
| Database | MySQL (PDO) |
| Frontend | HTML5 + CSS3 (custom, no framework) |
| AI / NLP | Ollama (local) — default model: qwen3-vl:8b |
| Web Server | Apache via MAMP or XAMPP |
| Security | bcrypt · CSRF tokens · PDO · session hardening · CSP headers |
Joe Milner — github.com/syrm4
Originally built as a team project with Sunny Nguyen and Cameron Hubbard for IS 6465 at the University of Utah's David Eccles School of Business.
MIT License — see LICENSE for full text.
